Fuzzing integration with oss-fuzz
Hi!
I have been working on getting fuzzing into faad2 and it would be great to get it aligned with OSS-Fuzz. OSS-Fuzz is a free service run by Google that will run the fuzzers continuously and report back with bug reports when bugs are found. These reports will have full stack traces, input triggers and more. If you are interested, then the only thing needed is an email connected to a Google account that can be used for receiving the bugs reports. I have set up an initial integration with OSS-Fuzz here: https://github.com/google/oss-fuzz/pull/6046 - the CI currently fails due to zero-sized buffers in NeAACDecInit, but I also fix this in this PR. In order to integrate with OSS-Fuzz, I would just need an email and then get this PR merged, following that I will clean up the PR on the OSS-Fuzz repo https://github.com/google/oss-fuzz/pull/6046 by removing the fuzzers from there.
Let me know what you think.
Hello and thank you very much for this! Isn't it possible for OSS-Fuzz to simply file bug reports at the project's issue tracker? I am asking, because nobody is actually properly maintaining this project here anymore. I am merely the only one left with commit rights, but I see myself more as a janitor than an actual maintainer, mostly because I have only very limited knowledge of most of the code. Thus, I am not going to give out my email address for this, sorry.
However, I'd like to cherry-pick the zero size buffer fix that you committed, if that's okay for you.
> Isn't it possible for OSS-Fuzz to simply file bug reports at the project's issue tracker?

Unfortunately not. However, we can make it such that all bugs are visible to the public (on https://bugs.chromium.org). Then bugs will be visible, but in order to see detailed reports you will still need to have an email in the `project.yaml` in the oss-fuzz repository.
Am happy to set this up and then see how it goes - we can always add/remove emails.
> However, I'd like to cherry-pick the zero size buffer fix that you committed, if that's okay for you.
Yes, that's perfectly fine - but am also okay with merging this in and having the fuzzers run following my proposal above.
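For reference, this is what the `project.yaml` the email goes into looks like; it is an added illustration, not the file from the OSS-Fuzz PR, and the email addresses, engine list and sanitizer list are placeholders/assumptions:

```yaml
# Added example: a minimal OSS-Fuzz project.yaml for faad2.
# Email addresses are placeholders, not real contacts.
homepage: "https://github.com/knik0/faad2"
main_repo: "https://github.com/knik0/faad2.git"
language: c
# primary_contact: a Google-account email; only addresses listed here
# (and in auto_ccs) can open the detailed reports (stack trace, reproducer).
# Public bug visibility on bugs.chromium.org does not by itself grant that.
primary_contact: "maintainer@example.com"
# auto_ccs: additional Google-account emails cc'd on every report,
# e.g. a volunteer who handles findings; entries can be added/removed later.
auto_ccs:
  - "fuzzing-volunteer@example.com"
# Assumed engine/sanitizer matrix; adjust to what the build supports.
fuzzing_engines:
  - libfuzzer
  - afl
  - honggfuzz
sanitizers:
  - address
  - undefined
  - memory
```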
Hi, David @DavidKorczynski and Fabian @fabiangreffrath.
If I'm not mistaken, zero-size-buffer is already fixed. If not I can cherry-pick it.
Let's rebase and land. I volunteer to handle oss-fuzz findings for faad2. I'm already looking after brotli, brotli-java, brunsli and libjxl in oss-fuzz.
Yeah, the fix is here: https://github.com/knik0/faad2/commit/a65ecabd13a6b991781d75856e1b6870ce00fc70
Rebased
Once this is merged I'll take care of https://github.com/google/oss-fuzz/pull/6046 to get things rolling on OSS-Fuzz. @eustas, should I just copy your email from the other projects you're involved with?